From 34f84f96082d3302fe910340a1fe2872b15018ee Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Tue, 22 Oct 2024 08:59:44 +0200
Subject: [PATCH 1/3] Do not allocate new string when processing HTTP3 request
---
 src/ngx_http_modsecurity_rewrite.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c
index 926cf70..8fe1dfa 100644
--- a/src/ngx_http_modsecurity_rewrite.c
+++ b/src/ngx_http_modsecurity_rewrite.c
@@ -134,10 +134,15 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
 case NGX_HTTP_VERSION_11 :
 http_version = "1.1";
 break;
-#if defined(nginx_version) && nginx_version >= 1009005
+#ifdef NGX_HTTP_VERSION_20
 case NGX_HTTP_VERSION_20 :
 http_version = "2.0";
 break;
+#endif
+#ifdef NGX_HTTP_VERSION_30
+ case NGX_HTTP_VERSION_30 :
+ http_version = "3.0";
+ break;
 #endif
 default :
 http_version = ngx_str_to_char(r->http_protocol, r->pool);
From 3aa6dcade13f414ba62fd9697df6df72124ca997 Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Tue, 22 Oct 2024 09:19:00 +0200
Subject: [PATCH 2/3] Do not allocate new string for common HTTP methods
---
 src/ngx_http_modsecurity_rewrite.c | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/src/ngx_http_modsecurity_rewrite.c b/src/ngx_http_modsecurity_rewrite.c
index 8fe1dfa..e69c39d 100644
--- a/src/ngx_http_modsecurity_rewrite.c
+++ b/src/ngx_http_modsecurity_rewrite.c
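Review bot: Rules that allow-list the request protocol version will start seeing "3.0" from the new `case NGX_HTTP_VERSION_30` branch in the first patch's hunk (at -134), since `http_version` is what this handler later passes to msc_process_uri (visible in the second patch). That deployment requirement is worth recording next to the literal, for example `/* version token handed to ModSecurity; rule sets that allow-list protocol versions must accept it */`. Replacing the nginx_version test with `#ifdef NGX_HTTP_VERSION_20` and `#ifdef NGX_HTTP_VERSION_30` relies on both names being preprocessor macros in the nginx headers, which is presumably the case but is not shown on this page. The `default :` branch and the enclosing function continue outside the hunk.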
@@ -157,15 +157,41 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
 break;
 }
+ // Do not allocate new string for common methods
+ const char *n_method;
+ switch (r->method) {
+ case NGX_HTTP_GET:
+ n_method = "GET";
+ break;
+ case NGX_HTTP_HEAD:
+ n_method = "HEAD";
+ break;
+ case NGX_HTTP_POST:
+ n_method = "POST";
+ break;
+ case NGX_HTTP_OPTIONS:
+ n_method = "OPTIONS";
+ break;
+ case NGX_HTTP_CONNECT:
+ n_method = "CONNECT";
+ break;
+ default:
+ n_method = ngx_str_to_char(r->method_name, r->pool);
+ if (n_method == (char*)-1) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+ break;
+ }
+
 const char *n_uri = ngx_str_to_char(r->unparsed_uri, r->pool);
- const char *n_method = ngx_str_to_char(r->method_name, r->pool);
- if (n_uri == (char*)-1 || n_method == (char*)-1) {
+ if (n_uri == (char*)-1) {
 return NGX_HTTP_INTERNAL_SERVER_ERROR;
 }
 if (n_uri == NULL) {
 dd("uri is of length zero");
 return NGX_HTTP_INTERNAL_SERVER_ERROR;
 }
+
 old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
 msc_process_uri(ctx->modsec_transaction, n_uri, n_method, http_version);
 ngx_http_modsecurity_pcre_malloc_done(old_pool);
From 037f3e7558331afee3449a3a4a0ed46c72775f18 Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Tue, 22 Oct 2024 10:46:35 +0200
Subject: [PATCH 3/3] Add support for HTTP 3.0 as response protocol
---
 src/ngx_http_modsecurity_header_filter.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/src/ngx_http_modsecurity_header_filter.c b/src/ngx_http_modsecurity_header_filter.c
index 257e7fd..1b5983e 100644
--- a/src/ngx_http_modsecurity_header_filter.c
+++ b/src/ngx_http_modsecurity_header_filter.c
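Review bot: In the `default:` branch of the new method switch (hunk at -157), `n_method` is tested only against the `(char*)-1` sentinel, although the `n_uri` code just below shows that ngx_str_to_char can also return NULL for a zero-length string; a NULL would then be handed to msc_process_uri. Whether nginx can reach this handler with an empty `method_name` is not visible here, but mirroring the URI handling is cheap: `if (n_method == NULL || n_method == (char*)-1) {`. Separately, `case NGX_HTTP_CONNECT:` is unguarded; if the module is still meant to build against nginx releases whose headers lack that constant (not verifiable from this page), wrap it in `#ifdef NGX_HTTP_CONNECT` and `#endif`, as the first patch does for the version constants. The enclosing function starts and ends outside the hunk.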
@@ -471,7 +471,7 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)
 */
 for (i = 0; ngx_http_modsecurity_headers_out[i].name.len; i++) {
- dd(" Sending header to ModSecurity - header: `%.*s'.",
+ dd("Sending header to ModSecurity - header: `%.*s'",
 (int) ngx_http_modsecurity_headers_out[i].name.len,
 ngx_http_modsecurity_headers_out[i].name.data);
@@ -516,14 +516,24 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)
 /*
 * NGINX always sends HTTP response with HTTP/1.1, except cases when
- * HTTP V2 module is enabled, and request has been posted with HTTP/2.0.
+ * HTTP V2 module is enabled, and request has been posted with HTTP/2.0
+ * or when using HTTP V3
 */
- http_response_ver = "HTTP 1.1";
-#if (NGX_HTTP_V2)
- if (r->stream) {
- http_response_ver = "HTTP 2.0";
- }
+ switch (r->http_version) {
+#ifdef NGX_HTTP_VERSION_30
+ case NGX_HTTP_VERSION_30 :
+ http_response_ver = "HTTP 3.0";
+ break;
+#endif
+#ifdef NGX_HTTP_VERSION_20
+ case NGX_HTTP_VERSION_20 :
+ http_response_ver = "HTTP 2.0";
+ break;
 #endif
+ default:
+ http_response_ver = "HTTP 1.1";
+ break;
+ }
 old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
 msc_process_response_headers(ctx->modsec_transaction, status, http_response_ver);
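Review bot: The response-side literals in the new `switch (r->http_version)` (hunk at -516: "HTTP 3.0", "HTTP 2.0", "HTTP 1.1") have a different shape from the request-side ones in ngx_http_modsecurity_rewrite.c ("3.0", "2.0"), and the two tables now have to be extended together whenever a protocol version is added. A short comment above the switch would record that, e.g. `/* keep in sync with the http_version switch in ngx_http_modsecurity_rewrite.c */`. The value "HTTP 3.0" is also new to whatever consumes the response protocol passed to msc_process_response_headers (presumably rules and audit-log parsers), so those would need to accept it; that is outside this diff. The enclosing function starts and ends outside the hunk.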